CD
Cloudflare Developers2y ago
merp

Deleting a hostname association for authenticated origin pulls

Hi, I am trying to delete a hostname association for authenticated origin pulls: https://developers.cloudflare.com/api/operations/per-hostname-authenticated-origin-pull-enable-or-disable-a-hostname-for-client-authentication For now I set all of them to null with PUT https://api.cloudflare.com/client/v4/zones/**snip**/origin_tls_client_auth/hostnames, which according to the docs is supposed to invalidate the entry, but then when I do GET https://api.cloudflare.com/client/v4/zones/**snip**/origin_tls_client_auth/hostnames it is still listed there. Can it be deleted entirely?
Cloudflare API Documentation
Interact with Cloudflare's products and services via the Cloudflare API
3 Replies
Chaika
Chaika2y ago
If it's possible it's certainly not documented well. There is /hostnames/<hostname> like /origin_tls_client_auth/hostnames/www.example.com, but DELETE isn't an allowed method to it.
archon810
archon8105mo ago
archon810
archon8105mo ago
@merp (Taiwan arc) @Chaika I just went through the same thing and showed CF enterprise support that this is a bug in their system, and the necessary APIs are missing. They ended up finally escalating to eng and manually deleting the entry for the subdomain, which fixed the issue with "400 Bad Request No required SSL certificate was sent". I will try to push for a better fix (new API endpoint? Doc updates?), but not sure if they will. The solution is to have the https://api.cloudflare.com/client/v4/zones/{{zone_id}}/origin_tls_client_auth/hostnames/YOUR_SUBDOMAIN API call return "status": "deleted" instead of "status": "active". Even "cert_status": "deleted" and "enabled": false don't seem to matter, only "status".

Did you find this page helpful?